Slashdot Mirror


HardenedBSD Completes Strong ASLR Implementation

New submitter HardenedBSD writes: A relatively new fork of FreeBSD, HardenedBSD, has completed its Address Space Layout Randomization (ASLR) feature. Without ASLR, applications are loaded into memory in a deterministic manner. An attacker who knows where a vulnerability lies in memory can reliably exploit that vulnerability to manipulate the application into doing the attacker's bidding. ASLR removes the determinism, making it so that even if an attacker knows that a vulnerability exists, he doesn't know where that vulnerability lies in memory. HardenedBSD's particular implementation of ASLR is the strongest form ever implemented in any of the BSDs.

The next step is to update documentation and submit updates to the patches they have already submitted upstream to FreeBSD. ASLR is the first step in a long list of exploit mitigation technologies HardenedBSD plans to implement.
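As an added example (not code from the story or from HardenedBSD): a Python probe that measures, for a few memory regions, how many address bits actually change between freshly started processes. That is the practical check for "is ASLR on, and roughly how strong is it" on any system. The region names, the sample size and the 8-bit threshold are my choices.

```python
"""Estimate how many address bits ASLR randomizes, per memory region, by
sampling addresses from N freshly started processes (each gets its own layout)."""
import ctypes
import ctypes.util
import json
import subprocess
import sys


def sample_addresses():
    """Addresses from this process: a libc function, a CPython API function and a heap buffer."""
    libc = ctypes.CDLL(ctypes.util.find_library("c"))
    heap_buf = ctypes.create_string_buffer(64)  # malloc'd by ctypes, so it lives on the heap
    return {
        "libc": ctypes.cast(libc.malloc, ctypes.c_void_p).value,
        "exec": ctypes.cast(ctypes.pythonapi.Py_GetVersion, ctypes.c_void_p).value,
        "heap": ctypes.addressof(heap_buf),
    }


def moving_bits(addresses):
    """Count address bits that differ between at least two samples.
    0 moving bits means the region is mapped at a fixed address (no ASLR for it)."""
    diff_mask = 0
    for addr in addresses[1:]:
        diff_mask |= addr ^ addresses[0]
    return bin(diff_mask).count("1")


def assess(samples, min_bits=8):
    """samples: one address dict per process. Returns {region: (moving_bits, randomized)}.
    min_bits is an assumed threshold below which randomization is judged too weak."""
    result = {}
    for region in samples[0]:
        bits = moving_bits([s[region] for s in samples])
        result[region] = (bits, bits >= min_bits)
    return result


def collect(n=16):
    """Start n child interpreters running this file and gather their address samples."""
    samples = []
    for _ in range(n):
        out = subprocess.check_output([sys.executable, __file__, "--child"])
        samples.append(json.loads(out))
    return samples


if __name__ == "__main__":
    if "--child" in sys.argv:
        print(json.dumps(sample_addresses()))
    else:
        for region, (bits, ok) in assess(collect()).items():
            print(f"{region:5s} {bits:2d} moving bits  {'randomized' if ok else 'FIXED'}")
```

Counting moved bits slightly overstates true entropy (it ignores which bits are correlated), so treat the number as an upper bound and compare regions against each other rather than against a spec sheet.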

8 of 66 comments

  1. Update documentation by zAPPzAPP · Score: 3, Funny

    That's always my next step too

  2. Old story by no-body · Score: 2

    Adamantix over 10 years ago but got silent after version 2 or so. Tried to find their source recently - impossible. Would have been great to get it to current HW compatibility. End of old story.

  3. OpenBSD? by Anonymous Coward · Score: 2, Interesting

    I believe OpenBSD already added this functionality. Year or two ago. How is this implementation better than theirs?

  4. Re:Why not just use OpenBSDs? by Zer0P · Score: 5, Interesting

    Wouldn't it be easier to just import OpenBSD's implementation?

    See the pictures under this link: http://hup.hu/node/140322 . ;)

  5. My big question now... by tlambert · Score: 3, Interesting

    My big question now...

    Can I still run the debugger on running binaries, or does the debugger now need work done on it?

    Same question, but for core dumps.

    1. Re:My big question now... by tlambert · Score: 2

      It will also reveal some bugs that were nicely hidden before, when the particular fixed allocation didn't cause any immediately visible issues.

      Fuzzing is useless, if you can't reproduce the bug.

      It's the same as saying "There's a bug in there *somewhere*, but I will be damned if I can tell you where!".

      Eng: "You mean 'It's broke'?"

      Test: "Yeah."

      Eng: "Thank you very F'ing much!"

      Test: "What are you typing?"

      Eng: "I'm closing your bug as 'Can not reproduce'; there: done!"

  6. Re:All that effort, so little protection by Bengie · Score: 2

    If you can read the address space you can defeat ASLR

    Ohh, you mean segfault when you read unallocated memory? Even if you could, are you planning to read all 8,589,934,592 GiB of the address space? With O(n) scaling, assuming a crazy low 1 clock cycle per address, it would take you about 35 years to scan the entire 2^63 user virtual address space at 4 GHz.

    I am not saying ASLR is perfect, I'm just saying it's not nearly as simple as you make it out to be.

  7. Re:Pollination is good by Bengie · Score: 2

    Pollination is good

    HardenedBSD was forked with the explicit idea of testing new security ideas and seeing what works, then pushing the code upstream back to FreeBSD. *BSD is not like Linux distros where they rarely work together. A lot of security ideas require some major changes that would not be feasible as a simple branch.